moul / sshportal

:tophat: simple, fun and transparent SSH (and telnet) bastion server

Home Page: https://manfred.life/sshportal


passwordless login?

coderofsalvation opened this issue · comments

Actual Result / Problem

Don't know how to configure passwordless login

Some context

The invite feature is amazing (kudos for that!).
However, I was curious if it's also possible to redirect passwordless key-less logins, to allow execution of scripts on the filesystem (by specifying a login shell in /etc/passwd or a script in the sshportal admin).

Example use case:

server $ ssh localhost -p 2222 -l admin
config> user redirect stats@company.io /home/foo/statistics.sh

this would allow public programmable reports over ssh:

laptop $ ssh stats@company.io        # stats is basically launching `statistics.sh` 
funding left: €500
funders: 5
patreons: 12 
free diskspace: 100G (50%)
computation queue-size: 10
sessions: 
  john
  matt
  damon

public active sessions:
  https://company.io/s/k09k0s90dkfs
  https://company.io/s/lkjwekrwerwtt
    
$ 

or letting userscripts programmatically have their apps generate links (using sshportal as an interface):

$ ssh upload@company.io 
your filebin has been created:

  www: https://company.io/filebin/9798s7df8989
  ssh: cat project.zip | ssh 9798s7df8989@company.io "cat > project.zip"

NOTE: your bin will get deleted after 1 day

$

The point of the example above is not to implement filesharing into sshportal, but rather a passwordless username-to-script mapping (to integrate sshportal further with other apps/utilities as well).

Invite-links reduce a lot of ssh-friction, but this would also open up cgi-like frictionless actions.

Hello @coderofsalvation,

I'm pretty sure this type of functionality would be out-of-scope for this project, simply because of its design.

What makes sshportal great is that it's basically an ssh pipe; it establishes a TCP connection to a remote host, and pipes I/O between your ssh client and the ssh server at destination (using SSH channels).

What makes it so great? Simply put, sshportal doesn't assume any particular context for your connection. You can be establishing a TTY-less connection, maybe your remote host has a custom shell (more on that later), maybe you simply want to run an ssh subsystem (e.g. SFTP), or maybe you simply want to set forwarding (e.g. X11, or network).

What's the drawback? SSHportal doesn't act as a full-fledged ssh client in regards to the server it's connecting to. Thus it currently has no means to use the features ssh provides, such as command execution. Implementing this would mean creating a new type of session in sshportal which would resolve and run commands from an ssh client, and thus deviates (in my opinion) greatly from the purpose the project is supposed to serve, which is serving as a gateway/router between ssh clients and ssh servers.

Is there a way to achieve functionality still? Well of course, you can:

  1. Create a user on your ssh servers which has your script as the shell, and add it to sshportal. The user would connect to the ssh server which would run the script.
  2. Use an ssh subsystem on your target server, defined in your ssh server config:
    Subsystem runmyscript /usr/bin/myscript

Then run the script as follows:

ssh sshportal -l youruser -s runmyscript
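
When a script is the account's login shell (option 1 in the reply above), sshd on the target server starts it with no arguments for an interactive session and as `<shell> -c '<client command>'` when the client sends a command, so the script has to treat that string as data. The following is an added example, not code from this issue or from sshportal; the report names `summary` and `disk` and the exit code 64 are assumptions.

```sh
#!/bin/sh
# Added example: login-shell script for a report-only account such as the
# "stats" user from the issue. The client-supplied string is only ever
# compared against a fixed allowlist; it is never eval'd or executed.

# Map a requested report name to a fixed action (names are assumptions).
dispatch() {
    request=$1
    case "$request" in
        ""|summary)
            # Default report, also used for interactive logins.
            printf 'sessions: %s\n' "$(who 2>/dev/null | wc -l | tr -d ' ')"
            ;;
        disk)
            df -P / | awk 'NR==2 {print "free diskspace: " $4 " KB (" $5 " used)"}'
            ;;
        *)
            # Anything else, including "disk; id" or "$(id)", is refused.
            printf 'unknown report\n' >&2
            return 64
            ;;
    esac
}

main() {
    # sshd passes exactly: -c '<client command>' when a command was requested.
    if [ "$#" -ge 2 ] && [ "$1" = "-c" ]; then
        dispatch "$2"
    else
        dispatch ""
    fi
}

main "$@"
```

A restricted login shell does not by itself stop port forwarding for that account; that is disabled separately in the target's sshd_config, for example with `AllowTcpForwarding no` inside a `Match User` block.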

thanks for the explanation and hinting subsystems! ❤